[squid-users] SSL errors with Squid 3.5.27
vh1988 at yahoo.com.ar
Wed Jun 13 21:20:59 UTC 2018
>Yes. With "debug_options ALL,9" and a "grep --context=10 'FD nn'" f the resulting cache.log for whatever the FD number is in the test after you update the logging content. Some of those lines should show >what is happening on >that FD, maybe some clues in there.
I Will try that debug options and then post here...
> Some whatsapp/Facebook server with the command:
> Openssl s_client -connect -showcerts x.x.x.x:443
> Does not shows any cert and establishes a connection with TLS 1.2...
> Any idea?
>Probably something you are not noticing, or think is irrelevant but actually is.
>Since you are hiding the details of what is going on we cannot replicate and see for ourselves if there is any hint in those hidden results which anyone with more knowledge might find.
Here a example:
openssl s_client -connect 126.96.36.199:443
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 290 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Protocol : TLSv1.2
Cipher : 0000
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1528924452
Timeout : 300 (sec)
Verify return code: 0 (ok)
And the whois that server:
% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '188.8.131.52 - 184.108.40.206'
% Abuse contact for '220.127.116.11 - 18.104.22.168' is 'domain at fb.com'
inetnum: 22.214.171.124 - 126.96.36.199
status: ASSIGNED PA
role: RIPE DBM
address: 1601 Willow Rd.
address: Menlo Park, CA, 94025
source: RIPE # Filtered
abuse-mailbox: domain at fb.com
% This query was served by the RIPE Database Query Service version 1.91.2 (ANGUS)
The same if the server had been whatsapp, etc...
More information about the squid-users